Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[LE.UM.2.3.2.r1.4] [SECURITY] perf: core: Avoid race condition when releasing perf-events #2000

Conversation

ix5
Copy link

@ix5 ix5 commented Jun 4, 2019

This is the only part of the 2019-06-05 kernel security patches that we need to apply.
https://source.android.com/security/bulletin/2019-06-01.html#kernel-components

The function, perf_event_release_kernel(), that's used to free the
perf events is dependent on the CPU associated to this event be
online. The function checks at the beginning: if the CPU is offline,
put it in a zombie list and return immediately. Else, proceed and
make a cross-cpu call (from perf_remove_from_context()) to complete
the functionality.

However, there's a potential chance of a race if the CPU went
offline between the initial check and the cross-cpu call. The
cross-cpu call deletes the event from the context's list, but
if the CPU is offline, this deletion doesn't happen. Later
the event is freed irrespective of this failure and the event
still exists in the list. Now, when the list is traversed, it
would try to access the memory which is freed, resulting in a
memory abort.

As a result, before calling perf_event_release_kernel(), capture
the perf's pmus_mutex lock to prevent the CPU from going offline
during the operation.

Change-Id: I20241639ea9a8dc87e5a88cf81e940b3d6cb773c
Signed-off-by: Raghavendra Rao Ananta <rananta@codeaurora.org>
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
@ix5 ix5 marked this pull request as ready for review June 4, 2019 13:47
@ix5
Copy link
Author

ix5 commented Jun 4, 2019

Compiles for kagura

@ix5 ix5 changed the title [WIP] perf: core: Avoid race condition when releasing perf-events [LE.UM.2.3.2.r1.4] [SECURITY] perf: core: Avoid race condition when releasing perf-events Jun 4, 2019
@jerpelea jerpelea merged commit 20989d5 into sonyxperiadev:aosp/LE.UM.2.3.2.r1.4 Jun 13, 2019
@ix5 ix5 deleted the securitypatch-2019-06-05-perf-core-avoid-race branch June 16, 2019 21:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants